Cyber insurance providers are tightening their requirements for Multi-factor Authentication. For starters, they are being more verbose about the systems and services on which MFA is enabled. They’re making what had been a very broad question into a set of discrete questions. Essentially, what was “Do you have MFA enabled?” is now “Do you have MFA enabled on x, y, and z?”  ..read more

The RSA Conference 2022 was in full gear in June. It was back to an in-person event, and it was packed. For me, I was a first-time attendee. I’ve been to other major events, such as Microsoft Ignite, so I thought I knew what to expect. In a way I was both right and wrong.  ..read more

CEOs are Aware of Ransomware, but Do They Understand? The World Economic Forum’s 2022 Global Risks Report punctuated what those in the cybersecurity trenches know: ransomware and malicious nation states pose a serious, universal threat ..read more

Enabling and Microsoft just completed a trilogy of webinars on Zero Trust. Several questions were covered live, but due to time constraints, this blog reviews and answers all that were asked. The blog also reviews the survey data from our attendees, which show a significant dichotomy between what IT pros think about ransomware risk, and what their business leaders think about the risk ..read more

  ..read more

“A Different category than what we have seen.” The Solarwinds and Codecov attacks have shown that typical security mechanisms won't protect against stealthy attacks from well-funded adversaries. The Senate hearings led by Senator Warren (D-VA) (quoted above) highlighted why detection and response are now more critical than ever ..read more

Businesspeople are being compromised by an Office pop up asking them to grant permissions to what that looks like a normal Office app (see image below). By clicking, they're unknowingly providing a bad actor's application with access to their contact info, mailbox settings, and sign-in access. Scary stuff that you'd know to decline, but the kind of thing everyday co-workers often click to accept. Proofpoint claims 1 in 5 people are falling for it ..read more

During the Senate hearing on the software supply chain attack that corrupted SolarWinds and its ~17,000 Orion customers, there were several salient themes and many fascinating details. Enterprises, government entities, and software suppliers can take note ..read more

Phishing is still the most used type of attack to compromise individuals, primarily because it is the easiest and cheapest tactic.  The average user is still very susceptible to the advanced email social engineering bad actors are capable of crafting.  There are many technological defensive solutions to combating phishing, but the best defense is a well-educated user.  We need to provide constant training and education to users regarding the latest tactics used and the understanding that they are being targeted, even if they feel the ..read more

It's simple to spin up a VM host for WVD, but selecting and configuring proper security controls takes more time and effort. After some significant deployments of Windows Virtual Desktop, our engineers share emerging best practices for securing the hosts, users, network, and data.   ..read more